20ba5263cd34a015a7ed26d497c4a3c99de70e310465552fa517fb8d4846c5a0

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 15:19

Target

d4ddd6f451486c0e98d63b958a38fdd0_NeikiAnalytics.exe
Size

79KB
MD5

d4ddd6f451486c0e98d63b958a38fdd0
SHA1

2c69b560f4fddc2721ddd361d0e171ee8e29bd8d
SHA256

20ba5263cd34a015a7ed26d497c4a3c99de70e310465552fa517fb8d4846c5a0
SHA512

6ab27d54220b0aad7d41bd7aa33ad18e64357c5089b9df5fa325fe62d8870a75bcb455adbedb2cbdcb6f9ed6545c8d5e1be868c6aed49947ef7a15d61c185f89
SSDEEP

1536:zvXvQ623RLlw9AQrOQA8AkqUhMb2nuy5wgIP0CSJ+5yNB8GMGlZ5G:zv/q3RL69uGdqU7uy5w9WMyNN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2500	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2892	cmd.exe
2892	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 2892	1044	d4ddd6f451486c0e98d63b958a38fdd0_NeikiAnalytics.exe	29
PID 1044 wrote to memory of 2892	1044	d4ddd6f451486c0e98d63b958a38fdd0_NeikiAnalytics.exe	29
PID 1044 wrote to memory of 2892	1044	d4ddd6f451486c0e98d63b958a38fdd0_NeikiAnalytics.exe	29
PID 1044 wrote to memory of 2892	1044	d4ddd6f451486c0e98d63b958a38fdd0_NeikiAnalytics.exe	29
PID 2892 wrote to memory of 2500	2892	cmd.exe	30
PID 2892 wrote to memory of 2500	2892	cmd.exe	30
PID 2892 wrote to memory of 2500	2892	cmd.exe	30
PID 2892 wrote to memory of 2500	2892	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\d4ddd6f451486c0e98d63b958a38fdd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d4ddd6f451486c0e98d63b958a38fdd0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2500

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
493671a09888c1bc6b375af55f15a626

SHA1
da47f6183a3bae7eb98ace236bb10ae2225d793a

SHA256
3941ae87474e6d800051411beabce0ec01cac584080342da39c1898ed9d5ab11

SHA512
80da9564fea2b812d5fe31d5885aff8ba6d0764d50c443e1db7753d857e4ce112656c1e8384d281f7a57c7b1829ce1d53132f31d67a6c18426dcce29d0809a20

Download Submit
memory/1044-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2500-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download